Re: [homenet] HNCP
Markus Stenberg <markus.stenberg@iki.fi> Wed, 05 March 2014 09:09 UTC
Return-Path: <markus.stenberg@iki.fi>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 888C11A01C7 for <homenet@ietfa.amsl.com>; Wed, 5 Mar 2014 01:09:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wxd5vAAkzAJF for <homenet@ietfa.amsl.com>; Wed, 5 Mar 2014 01:09:49 -0800 (PST)
Received: from kirsi1.inet.fi (mta-out.inet.fi [195.156.147.13]) by ietfa.amsl.com (Postfix) with ESMTP id B02661A0200 for <homenet@ietf.org>; Wed, 5 Mar 2014 01:09:48 -0800 (PST)
Received: from [192.168.43.129] (80.220.67.193) by kirsi1.inet.fi (8.5.140.03) (authenticated as stenma-47) id 529734CF081447C9; Wed, 5 Mar 2014 11:09:32 +0200
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Markus Stenberg <markus.stenberg@iki.fi>
In-Reply-To: <5316E1EE.7040200@globis.net>
Date: Wed, 05 Mar 2014 09:09:30 +0000
Content-Transfer-Encoding: quoted-printable
Message-Id: <06EF824C-9D02-4EEA-A257-6AE5304CDAE4@iki.fi>
References: <58809B4D-CCE4-4DAC-9A1A-DD475584E65B@iki.fi> <6BF5B681-446C-4BCA-9B53-A05A9D4A9E38@townsley.net> <52FE480F.3030801@globis.net> <52FE6E9B.3060107@openwrt.org> <5316E1EE.7040200@globis.net>
To: Ray Hunter <v6ops@globis.net>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/homenet/MydGWfLdYi4paWEV4LesfRanjlU
Cc: Steven Barth <cyrus@openwrt.org>, Markus Stenberg <markus.stenberg@iki.fi>, Mark Townsley <mark@townsley.net>, "homenet@ietf.org Group" <homenet@ietf.org>
Subject: Re: [homenet] HNCP
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Mar 2014 09:09:51 -0000
On 5.3.2014, at 8.35, Ray Hunter <v6ops@globis.net> wrote: > Thinking further about what should or should not be in HNCP. > > Is HNCP a useful place to standardise negotiation and maintenance of trust anchors? I’m not sure. It is definitely feasible place for it, though.. > I know many pieces of kit support a 'peer now' button (Bluetooth audio, DECT phones, Powerline Ethernet), which triggers a leap of faith that direct neighbours in the same mode are trustworthy, but I'm not aware of any IETF standardised way that Homenet devices could negotiate e.g. a common encryption key or private root certificate. > > As a rough sketch: > > an external trigger [physical button, GUI command, first power on, factory specific action] places one or more devices into "leap of faith" mode > each device generates a candidate encryption key or private key on the fly > device detects direct neighbours in similar leap of faith negotiation mode > two neighbouring devices establish a secure channel between the pair > neighbouring devices exchange certificates or keys and optionally enter them into a store, so that the direct neighbors can authenticate each other in the future without entering leap of faith mode. Given multiple scopes of HNCP (e.g. PA draft assumes that there is both linklocal and network-wide set of TLVs; currently only the later is done so we use network-wide TLVs even when we don’t need to in the implementation), this would be fairly straightforward to do; announce the faith negotiation mode using linklocal(ish) TLV, and then define an exchange that basically is just ‘hey, you want to trust me, right?’ and vice versa. We have a student look at this starting in April, but obviously input is solicited here too; is this a good idea? Should we instead assume public/private keys and associated trust data just show up magically and use that? Cheers, -Markus
- [homenet] Two new drafts (and third one 'soon') Markus Stenberg
- [homenet] HNCP Mark Townsley
- Re: [homenet] HNCP Townsley.net
- Re: [homenet] HNCP Dave Taht
- Re: [homenet] HNCP Ray Hunter
- Re: [homenet] HNCP Steven Barth
- Re: [homenet] HNCP Mikael Abrahamsson
- Re: [homenet] HNCP Ray Hunter
- Re: [homenet] HNCP Markus Stenberg
- Re: [homenet] HNCP Teco Boot